The GRU, the Russian military intelligence service, are doing indiscriminate and reckless cyber attacks targeting political institutions (including the Foreign Office), businesses, media and sport, say the UK and other authorities.
The Foreign Secretary Jeremy Hunt said: “These cyber attacks serve no legitimate national security interest, instead impacting the ability of people around the world to go about their daily lives free from interference, and even their ability to enjoy sport.
“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens. This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences. Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”
The UK official National Cyber Security Centre (NCSC) assesses that the GRU is almost certainly these cyber actors:
APT 28
Fancy Bear
Sofacy
Pawnstorm
Sednit
CyberCaliphate
Cyber Berkut
Voodoo Bear
BlackEnergy Actors
STRONTIUM
Tsar Team
Sandworm
UK Prime Minister Theresa May and Dutch Prime Minister Mark Rutte made a joint statement on the attempted hacking of the Organisation for the Prohibition of Chemical Weapons (OPCW) in The Hague by Russian military intelligence.
The NCSC produced a technical advisory: Indicators of Compromise for Malware used by APT28 (the Advanced Persistent Threat group), for those defending organisational networks to identify the ‘Indicators of Compromise’ and put in place appropriate mitigation.
Comment
At Blackstone Consultancy Senior Operations Manager, Chris Moses said: “In the past decade the Russian government has mounted more than a dozen significant cyber-attacks against foreign countries with the aim always to project Russian power and disrupt their opponent’s activities. It has almost been an undeclared war and only now are Western governments starting to realise it is a problem that needs addressing.
“Fortunately, with the multi-national condemnation of the Salisbury incident and what has happened in the Netherlands, some more aggressive actions are being carried out by Western governments to counter the threat. They are now publicising the attacks and laying the blame straight on the Russians in what is a massive change in tactics and an attempt to win the information war being fought in front of our eyes.
“Since 2007, the Russians have attacked former Soviet satellites like Estonia, Georgia, and Ukraine, and then branched out to Western nations like the US, UK and Germany. Intelligence officials and cyber experts say a strategy that pairs cyber-attacks with on-line propaganda was launched by Russian intelligence agencies a decade ago and has been refined and expanded ever since, clearly with Putin’s blessing.
“Russia has shut down whole segments of cyber space to punish or threaten countries. The segments of cyber space that are still in use are exploited by the Russians by inundating us with fake news. What is important to realise is that fake news is “a security strategy, not a media strategy.” Its whole purpose is to disorientate and destabilise Russian opponents and is a massive PSYOP campaign. If you look at the definition of a PSYOP campaign, it is as follows:
“‘Psychological operations (PSYOP) are operations to convey selected information and indicators to audiences to influence their emotions, motives, and objective reasoning, and ultimately the behaviour of governments, organizations, groups, and individuals’
“This is an ongoing and effective strategy that has been in play for a long time and is only now getting the traction it needs to bring it to the forefront of governments thinking. Fake news is a smokescreen for other more aggressive operations in that when the more aggressive operations take place and are reported on, people in the West are unsure what to believe. This is the true effectiveness and success of ‘Fake News’ in that it covers for other operations such as the incident in Salisbury and the cyber-attacks in the Netherlands.
“There will be more attacks carried out and more attacks reported. These attacks are mostly inconvenience attacks at the moment but eventually there will be an attack against critical national infrastructure somewhere and that’s when we will see the proverbial gloves come off.”
